authorBjörn Mattsson <Bjorn.Mattsson@bth.se>2020-11-23 11:23:49 +0100
committerBjörn Mattsson <Bjorn.Mattsson@bth.se>2020-11-23 11:23:49 +0100
commit33e1be1ca738154340bb8db8a48f3b097ed8cffc (patch)
treea4fa72399dfa39f78f58bdb270cd9b7a415e7569
parent344a76af21bf2d7d189de7d278875d28a7185cb0 (diff)
Resolved SWAMID-3546 and 3547
-rw-r--r--swamid-2.0/mp.uu.se-Shibboleth.sso.xml57
-rw-r--r--swamid-2.0/test.mp.uu.se-shibboleth-sso.xml30
2 files changed, 69 insertions, 18 deletions
diff --git a/swamid-2.0/mp.uu.se-Shibboleth.sso.xml b/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
index 36f95620..169f5933 100644
--- a/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
+++ b/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
@@ -4,17 +4,35 @@
<mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
<mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
</mdrpi:RegistrationInfo>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
- <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue>
<samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue>
<samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
</samla:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://mp.uu.se/Shibboleth.sso/Login"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://mp.uu.se/Shibboleth.sso/DS"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://mp.uu.se/Shibboleth.sso/DS" index="1"/>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="sv">Medarbetarportalen vid Uppsala universitet</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University</mdui:DisplayName>
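Review bot: The algorithm list added at the top of this hunk advertises SHA-1 throughout: the `alg:DigestMethod` for `xmldsig#sha1` and the `ecdsa-sha1`, `rsa-sha1` and `dsa-sha1` `alg:SigningMethod` entries. These elements tell peers which algorithms the SP supports, so listing SHA-1 leaves room for an IdP to keep signing with a digest that is no longer collision-resistant. Unless a specific IdP in the federation still depends on it, I would drop those four lines and keep the SHA-2 entries; the list looks like generated SP output, so it may reflect software capability rather than a policy decision. The same applies to the `ecdsa-sha1` line added in the first hunk of test.mp.uu.se-shibboleth-sso.xml, where the other SHA-1 entries are already present as context. The `alg:` namespace declaration is outside the hunk.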
@@ -26,9 +44,10 @@
</md:Extensions>
<md:KeyDescriptor>
<ds:KeyInfo>
+ <ds:KeyName>mp.uu.se</ds:KeyName>
<ds:X509Data>
- <ds:X509Certificate>
-MIIC3zCCAcegAwIBAgIJAKpDmQ/flLdVMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+ <ds:X509SubjectName>CN=mp.uu.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIC3zCCAcegAwIBAgIJAKpDmQ/flLdVMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
BAMTCG1wLnV1LnNlMB4XDTEyMTAxMTE0NTAyOFoXDTIyMTAwOTE0NTAyOFowEzER
MA8GA1UEAxMIbXAudXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCvr+kBJ2UuNB0YitaXHig2ksWqvlio4e3zfQpQUVM97ING6GwaLtHFBVuOyKgI
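Review bot: The certificate on the rewritten `ds:X509Certificate` line is the same one as before, and the validity field in its second base64 line decodes to a notAfter of 2022-10-09, under two years after this commit's date. Many SAML implementations ignore validity dates on certificates embedded in metadata, but not all do, so a key rollover is worth scheduling now rather than at expiry. The enclosing `<md:KeyDescriptor>` has no `use` attribute, which publishes this single key for both signing and encryption; a rollover would mean adding a second KeyDescriptor with the new key before retiring this one. The certificate body continues past the end of the hunk.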
@@ -44,17 +63,31 @@ w7f1NHlFokb1v7FvN/WKxf37z8Cy49Sfg9Hg6lv+jNobb5lSBjwnTICfCl+ffdFu
xHXT67mQsDSoiBiExsGPjtqxbrVy2v9WV1Oup6UjXIgOacpaDNErD1XzAkQP6LD4
t9uEzq8Qiu8ImRG9SyPDd76umF5tLtg53EHaK1o2LnSU4CyjsnUX5Np1l13rMKaR
Ohr8KLKt6tC/JZ059e8ENxrN7g==
- </ds:X509Certificate>
+</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</md:KeyDescriptor>
+ <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mp.uu.se/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/SLO/POST"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/SLO/Artifact"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/NIM/SOAP"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mp.uu.se/Shibboleth.sso/NIM/Redirect"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/NIM/POST"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/NIM/Artifact"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://mp.uu.se/Shibboleth.sso/SAML2/ECP" index="3"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://mp.uu.se/Shibboleth.sso/SAML/POST" index="4"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://mp.uu.se/Shibboleth.sso/SAML2/ECP" index="4"/>
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="sv">Medarbetarportalen vid Uppsala universitet</md:ServiceName>
<md:ServiceName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University</md:ServiceName>
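Review bot: The `md:EncryptionMethod` list added inside the KeyDescriptor still offers `xmlenc#tripledes-cbc` and the three AES-CBC entries next to the new GCM ones. An IdP chooses from this list when encrypting assertions for the SP; CBC in XML Encryption carries no integrity protection and has known padding-oracle weaknesses, and 3DES is a 64-bit block cipher. Listing GCM first is right; I would remove at least the `tripledes-cbc` line and keep the AES-CBC lines only if a federated IdP cannot do GCM. In test.mp.uu.se-shibboleth-sso.xml the CBC entries were already present and this commit only adds the GCM lines above them.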
@@ -73,13 +106,21 @@ Ohr8KLKt6tC/JZ059e8ENxrN7g==
<md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL>
<md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL>
</md:Organization>
+ <md:ContactPerson contactType="administrative">
+ <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
+ <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
+ </md:ContactPerson>
<md:ContactPerson contactType="technical">
<md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Operations</md:SurName>
<md:EmailAddress>mailto:liferay-datordrift@its.uu.se</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="support">
<md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
<md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
- <md:TelephoneNumber>+46184714400</md:TelephoneNumber>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
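Review bot: None of the contacts after this change is a security contact: the hunk shows administrative, technical and support entries up to the closing `</md:EntityDescriptor>`. For incident response across the federation the usual addition is a REFEDS security contact, a `<md:ContactPerson contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">` element pointing at a role mailbox. Whether SWAMID requires one for this entity is not visible on this page. The matching contact hunk in test.mp.uu.se-shibboleth-sso.xml has the same three roles.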
diff --git a/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml b/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
index 2814c880..e71c6b68 100644
--- a/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
+++ b/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
@@ -9,10 +9,15 @@
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
@@ -23,9 +28,11 @@
</samla:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://test.mp.uu.se/Shibboleth.sso/Login"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://test.mp.uu.se/Shibboleth.sso/DS"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://test.mp.uu.se/Shibboleth.sso/DS" index="1"/>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="sv">Medarbetarportalen vid Uppsala universitet (TEST)</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University (TEST)</mdui:DisplayName>
@@ -59,6 +66,9 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
@@ -67,7 +77,6 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</md:KeyDescriptor>
<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
- <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="2"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/POST"/>
@@ -77,15 +86,8 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/NIM/POST"/>
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/NIM/Artifact"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/ECP" index="4"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/ECP" index="8"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test.mp.uu.se/Shibboleth.sso/SAML/POST" index="9"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://test.mp.uu.se/Shibboleth.sso/SAML/Artifact" index="10"/>
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="sv">Medarbetarportalen vid Uppsala universitet (TEST)</md:ServiceName>
<md:ServiceName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University (TEST)</md:ServiceName>
@@ -104,13 +106,21 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
<md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL>
<md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL>
</md:Organization>
+ <md:ContactPerson contactType="administrative">
+ <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
+ <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
+ </md:ContactPerson>
<md:ContactPerson contactType="technical">
<md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Operations</md:SurName>
<md:EmailAddress>mailto:liferay-datordrift@its.uu.se</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="support">
<md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
<md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
- <md:TelephoneNumber>+46184714400</md:TelephoneNumber>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>